--- loncom/auth/lonracc.pm 2001/11/29 19:12:44 1.3 +++ loncom/auth/lonracc.pm 2003/05/27 18:31:31 1.10 @@ -1,7 +1,7 @@ # The LearningOnline Network # Access Handler for File Transfers # -# $Id: lonracc.pm,v 1.3 2001/11/29 19:12:44 www Exp $ +# $Id: lonracc.pm,v 1.10 2003/05/27 18:31:31 albertel Exp $ # # Copyright Michigan State University Board of Trustees # @@ -34,13 +34,30 @@ package Apache::lonracc; use strict; use Apache::Constants qw(:common :remotehost); +use Apache::lonnet(); use Apache::File(); +sub subscribed { + my ($filename,$id) = @_; + my $found=0; + my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':'; + $expr =~ s/\./\\\./g; + my $sh; + if ($sh=Apache::File->new("$filename.subscription")) { + while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } } + $sh->close(); + } + return $found; +} + sub handler { my $r = shift; - my $reqhost; - unless ($reqhost=$r->get_remote_host(REMOTE_DOUBLE_REV)) { - $r->log_reason("Spoof request"); + my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV); + if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) { + $reqhost = $r->get_server_name(); + } + unless ($reqhost) { + $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'}); return FORBIDDEN; } my $readline; 
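Review bot: The new fallback in `handler` accepts the value of `get_remote_host(REMOTE_NOLOOKUP)` right after the double-reverse lookup has failed, and when that value is a name at all it is presumably the cached reverse-lookup result that was never forward-confirmed, so the request is treated as coming from the server itself on the basis of an unverified name. Comparing addresses instead of names would keep the local-request exception without relying on DNS, for example testing `$r->connection->remote_ip` against the server's own configured address. The log line reads `$ENV{'REMOTE_ADDR'}`, which may not be populated yet in the access phase; `$r->log_reason("Spoof request from ".$r->connection->remote_ip);` records the peer address directly. In `subscribed`, only dots are escaped in `$expr` and an undefined `$Apache::lonnet::hostip{$id}` silently produces a pattern with an empty address field; `return 0 unless defined $Apache::lonnet::hostip{$id};` followed by `my $expr='^'.quotemeta($id.':'.$Apache::lonnet::hostip{$id}.':');` would cover both. The body of `handler` continues past the end of this hunk.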
@@ -51,19 +68,26 @@ sub handler { $r->log_reason("Could not find host tab file"); return FORBIDDEN; } + my $return; + my @ids=(); while ($readline=<$fh>) { my ($id,$domain,$role,$name,$ip)=split(/:/,$readline); if ($name =~ /$reqhost/i) { my $filename=$r->filename; - if ((-e "$filename.$id") || ($filename=~/\.meta$/)) { + if ((-e "$filename.$id") || + &subscribed($filename,$id) || + ($filename=~/\.meta$/)) { return OK; } else { - $r->log_reason("$id not subscribed", $r->filename); - return FORBIDDEN; + $return=FORBIDDEN; + push(@ids,$id); } } } - + if ($return == FORBIDDEN) { + $r->log_reason(join(':',@ids)." not subscribed", $r->filename); + return FORBIDDEN; + } } $r->log_reason("Invalid request for file transfer from $reqhost", $r->filename); @@ -73,6 +97,50 @@ sub handler { 1; __END__ +=head1 NAME + +Apache::lonracc - Access Handler for File Transfers + +=head1 SYNOPSIS + +Invoked by /etc/httpd/conf/loncapa.conf: + + + PerlAccessHandler Apache::lonracc + + +=head1 INTRODUCTION + +This module enables authentication for file transfers and works +against the /res tree. + +Only lond invokes the /raw namespace through its subscribe function. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 HANDLER SUBROUTINE + +This routine is called by Apache and mod_perl. + +=over 4 + +=item * + +Determine requesting host + +=item * + +See whether or not the requesting host is subscribed. + +=item * + +Respond with status of request and make log entry in case of unallowed +access. + +=back + +=cut
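Review bot: The rewritten loop returns OK as soon as any hosts-table line selected by `$name =~ /$reqhost/i` is subscribed, so the unanchored, unquoted match on that unchanged context line now carries more weight: every entry whose name merely contains the requester's name is considered, and one subscribed entry among them is enough. An exact comparison such as `if (lc($name) eq lc($reqhost)) {` would restrict the check to the requester's own entries, assuming the name field carries no stray whitespace. The closing test `if ($return == FORBIDDEN)` compares an undefined `$return` numerically whenever no line matched, which warns if warnings are enabled; `if (@ids) {` expresses the same condition and makes `$return` unnecessary. The enclosing `handler` starts before this hunk and ends after it.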